Configuring VXLAN

Prerequisites for VXLAN

VXLAN has the following prerequisites:

The Cisco Nexus 1000V uplink port profiles and all interconnecting switches/routers in between the ESX hosts must have their supported MTU set to at least 50 bytes larger than the MTU of the VMs. For example, the VMs default to using a 1500 byte MTU (same as the uplinks and physical devices), so in this case the uplinks and physical devices must be set to at least 1550 bytes. If this isn’t possible, then the vNICs of all VMs should have their MTU lowered to be 50 bytes smaller than what the physical network supports, for example 1450 bytes. For more information, see the Cisco Nexus 1000V Port Profile Configuration Guide.

If the Cisco Nexus 1000V is using a port channel for its uplinks, then the load distribution algorithm should be set to use a 5-tuple hash (IP/L4/L4 Ports). The same should be used for any port channels on the physical switches. For more information, see the Cisco Nexus 1000V Interface Configuration Guide.

If VEMs requiring VXLAN connectivity are separated by a router:

Proxy ARP must be enabled on the SVIs connected to the Cisco Nexus 1000V’s VXLAN transport VLANs (the ones the “capability vxlan” port profiles are connected to).

Multicast routing must be enabled on the routers.

VXLAN makes use of MAC in IP (UDP) with a destination port of 8472. You must allow this through any firewall.

Your upstream switch, from the VEMs of the Cisco Nexus 1000V, needs to provide an IGMP querier function.
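
The MTU and firewall prerequisites above, worked through as an added Python example (not code from Cisco's guide): it builds a constructed VXLAN frame, shows where the 50 bytes come from, and parses it the way a filter matching UDP destination port 8472 would. The header layout follows RFC 7348; the addresses, source port and VNI are made-up sample values.

```python
import struct

VXLAN_UDP_PORT = 8472                  # destination port stated in the prerequisites
ETH, IPV4, UDP, VXLAN = 14, 20, 8, 8   # header sizes in bytes (IPv4 without options)

def required_transport_mtu(vm_mtu):
    """Outer IP packet = IPv4 + UDP + VXLAN + inner Ethernet header + VM payload."""
    return IPV4 + UDP + VXLAN + ETH + vm_mtu          # vm_mtu + 50

def encapsulate(inner, vni, dport=VXLAN_UDP_PORT):
    """Build a constructed sample frame (made-up addresses, checksums left at zero)."""
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)  # VNI-valid flag, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, dport, UDP + VXLAN + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IPV4 + UDP + VXLAN + len(inner),
                     0, 0, 64, 17, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    return eth + ip + udp + vxlan + inner

def parse(frame):
    """Return (vni, inner_frame, outer_ip_len), or None if not VXLAN to port 8472."""
    if len(frame) < ETH + IPV4 + UDP + VXLAN or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[ETH] & 0x0F) * 4
    if frame[ETH] >> 4 != 4 or ihl < IPV4 or frame[ETH + 9] != 17:   # IPv4 carrying UDP
        return None
    off = ETH + ihl
    if len(frame) < off + UDP + VXLAN:
        return None
    (dport,) = struct.unpack_from("!H", frame, off + 2)
    flags, vni_word = struct.unpack_from("!II", frame, off + UDP)
    if dport != VXLAN_UDP_PORT or not flags & 0x08000000:
        return None
    return vni_word >> 8, frame[off + UDP + VXLAN:], len(frame) - ETH

def fits(frame, transport_mtu):
    """True if the encapsulated packet crosses a link with this MTU unfragmented."""
    parsed = parse(frame)
    return parsed is not None and parsed[2] <= transport_mtu

if __name__ == "__main__":
    vm_frame = bytes(ETH + 1500)       # full-size frame from a VM with a 1500-byte MTU
    outer = encapsulate(vm_frame, vni=5000)
    print(parse(outer)[0], required_transport_mtu(1500), fits(outer, 1500))
```

A rule written for the IANA-assigned VXLAN port 4789 does not match this traffic: parse() returns None for a frame sent to that port.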

Default Settings for VXLAN

The following table lists the default settings for VXLAN parameters.

Table 1 Default VXLAN Parameters

Parameter    Default
VXLAN        Disabled

Configuring VXLAN

Initial Enabling of VXLANs

To enable a VXLAN, you must perform the following two procedures when first configuring VXLAN.

Configuring vmknics for VXLAN Encapsulation

Identify a VLAN to be used for transporting VXLAN encapsulated traffic.

Ensure it is configured on the uplink port profile for all VEMs on which VXLAN can be configured.

Procedure

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# port-profile profilename
Purpose: Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:
profilename—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
Note: If a port profile is configured as an Ethernet type, it cannot be used to configure VMware virtual ports.

Step 3
Command or Action: switch(config-port-prof)# vmware port-group name
Purpose: Designates the port profile as a VMware port group. The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on the vCenter Server.

Step 4
Command or Action: switch(config-port-prof)# switchport mode access
Purpose: Designates the interfaces as switch access ports (the default).

Step 5
Command or Action: switch(config-port-prof)# switchport access vlan id
Purpose: Assigns a VLAN ID to this port profile.

Step 6
Command or Action: switch(config-port-prof)# capability vxlan
Purpose: Assigns the VXLAN capability to the port profile to ensure that the interfaces that inherit this port profile are used as sources for VXLAN encapsulated traffic.

Step 7
Command or Action: switch(config-port-prof)# no shutdown
Purpose: Administratively enables all ports in the profile.

Step 8
Command or Action: switch(config-port-prof)# state enabled
Purpose: Sets the operational state of a port profile.

Step 9
Command or Action: switch(config-port-prof)# show port-profile name profilename
Purpose: Displays the port profile configuration.

Step 10
Command or Action: switch(config-port-prof)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

The following example shows how to configure a vmknic for VXLAN encapsulation.

The vSphere administrator must create a new vmknic on each ESX/ESXi host and assign the previously created port profile to this vmknic.
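
One way to check the result of this procedure, as an added Python example (not part of Cisco's guide): it audits running-config text for every port profile carrying capability vxlan, confirms the lines the steps above configure, and checks that the transport VLAN is allowed on the uplink profiles. The sample config is constructed, and the check assumes every Ethernet-type profile is an uplink that lists its VLANs numerically with switchport trunk allowed vlan.

```python
import re
# Constructed running-config excerpt; profile names and VLAN numbers are made up.
SAMPLE = """\
port-profile type ethernet uplink-a
  switchport trunk allowed vlan 10,100-102
port-profile type vethernet vxlan-vmknic
  vmware port-group
  switchport mode access
  switchport access vlan 101
  capability vxlan
  no shutdown
  state enabled
port-profile type vethernet vxlan-vmknic-bad
  switchport access vlan 200
  capability vxlan
"""
REQUIRED = ("vmware port-group", "switchport mode access",
            "switchport access vlan", "no shutdown", "state enabled")

def parse_profiles(config):
    """Map profile name -> (type, [stripped config lines])."""
    profiles, lines = {}, None
    for raw in config.splitlines():
        head = re.match(r"port-profile type (ethernet|vethernet) (\S+)$", raw)
        if head:
            lines = profiles.setdefault(head.group(2), (head.group(1), []))[1]
        elif raw.startswith(" ") and lines is not None:
            lines.append(raw.strip())
        else:
            lines = None          # left the port-profile block
    return profiles

def allowed_vlans(lines):         # "10,100-102" -> {10, 100, 101, 102}
    spec = ",".join(l.split()[-1] for l in lines if "trunk allowed vlan " in l)
    return {v for lo, hi in re.findall(r"(\d+)(?:-(\d+))?", spec)
            for v in range(int(lo), int(hi or lo) + 1)}

def audit(config):
    """Return {profile: [problems]} for each profile carrying 'capability vxlan'."""
    profiles, report = parse_profiles(config), {}
    uplinks = {n: allowed_vlans(l) for n, (t, l) in profiles.items() if t == "ethernet"}
    for name, (_, lines) in profiles.items():
        if "capability vxlan" in lines:
            m = re.search(r"^switchport access vlan (\d+)$", "\n".join(lines), re.M)
            report[name] = [f"missing '{r}'" for r in REQUIRED
                            if not any(l == r or l.startswith(r + " ") for l in lines)]
            report[name] += [f"VLAN {m[1]} not allowed on uplink {u}"
                             for u, v in sorted(uplinks.items()) if m and int(m[1]) not in v]
    return report
```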

Enabling VXLANs

Before You Begin

Enter the show system vem feature level command to confirm that the feature level is 4.2(1)SV1(5.1) or later. If the feature level is not 4.2(1)SV1(5.1) or later, see the Cisco Nexus 1000V Installation and Upgrade Guide.

Procedure

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# feature segmentation
Purpose: Enables the VXLAN feature.

Step 3
Command or Action: switch(config)# show feature | grep segmentation
Purpose: (Optional) Displays if the VXLAN feature is enabled.

Step 4
Command or Action: switch(config)# show processes | grep seg_bd
Purpose: (Optional) Displays if the VXLAN process is running.

Step 5
Command or Action: switch(config)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Creating a Port Profile Configured to Use a VXLAN

Alternatively, you can associate ports with a bridge domain by modifying the configuration of an existing vEthernet port profile to use VXLANs instead of VLANs. To do so, enter the switchport access bridge-domain name command on a profile with switchport mode access configured.

Procedure

Step 1
Command or Action: switch# configure terminal
Purpose: Enters global configuration mode.

Step 2
Command or Action: switch(config)# port-profile [type {ethernet | vethernet}] name
Purpose: Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:
name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.
type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).
Note: If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

Step 3
Command or Action: switch(config-port-prof)# vmware port-group [pg_name]
Purpose: Designates the port profile as a VMware port group. The port profile is mapped to a VMware port group of the same name unless you specify a name here. When you connect the VSM to vCenter Server, the port group is distributed to the virtual switch on the vCenter Server.

Step 4
Command or Action: switch(config-port-prof)# switchport mode access
Purpose: Designates that the interfaces are to be used as trunking ports. A trunk port transmits untagged packets for the native VLAN and transmits encapsulated, tagged packets for all other VLANs.

Enters port profile configuration mode for the named port profile. If the port profile does not already exist, it is created using the following characteristics:

name—The port profile name can be up to 80 characters and must be unique for each port profile on the Cisco Nexus 1000V.

type—(Optional) The port profile type can be Ethernet or vEthernet. Once configured, the type cannot be changed. The default is the vEthernet type. Defining a port profile type as Ethernet allows the port profile to be used for physical (Ethernet) ports. In the vCenter Server, the corresponding port group can be selected and assigned to physical ports (PNICs).

Note

If a port profile is configured as an Ethernet type, then it cannot be used to configure VMware virtual ports.

Step 3
Command or Action: switch(config-port-prof)# no switchport access bridge-domain
Purpose: Removes the VXLAN bridge domain from this port profile.

Step 4
Command or Action: switch(config-port-prof)# show port-profile usage
Purpose: (Optional) Displays a list of interfaces that inherited a port profile.

Step 5
Command or Action: switch(config-port-prof)# show bridge-domain
Purpose: (Optional) Displays all bridge domains.

Step 6
Command or Action: switch(config-port-prof)# copy running-config startup-config
Purpose: (Optional) Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.